Privacy Policy
Last updated: 25 May 2026 (biometric consent + lead-data ownership additions)
This Privacy Policy applies to Vielle Group Pty Ltd (ACN 692 339 781, ABN 30 692 339 781), trading as "Seize The Yes". Any references to "we," "us," or "our" in this policy refer to Vielle Group Pty Ltd. By engaging with Seize The Yes, you acknowledge and agree that your personal information will be handled in accordance with this Privacy Policy.
This policy describes how we collect, manage, store, use and disclose your personal information. It contains the broad privacy framework within which we operate, and should be read in conjunction with any supplementary privacy policies and implementation procedures that we introduce or vary from time to time.
If you do not agree with the terms of this policy, please do not provide us with your personal information.
Your personal information and privacy
Our Privacy Policy sets out the ways in which we may collect, store, use, disclose and manage your personal information. It also explains the physical, electronic and security measures we will take to protect your personal information.
By supplying us with personal information through this website, you accept the inherent security risks of dealing online over the internet and agree not to hold us responsible for any breach of security, unless we have breached a law, been grossly negligent, or been in wilful default of our duties to you.
We reserve the right to disclose information about users of this website to third parties, provided that the information is de-identified and does not identify any individuals. We take complaints about privacy matters very seriously and our complaints handling procedure is set out below.
Definitions
Information and records may be in electronic or hard copy form. This policy does not extend to information or records that are publicly available, or that would constitute an "employee record" as defined by the Privacy Act 1988 (Cth) (Privacy Act).
Personal information is information or an opinion that identifies you, or from which your identity can be reasonably ascertained (irrespective of whether the information or opinion is true, and regardless of the form in which it is recorded).
Sensitive information is an important type of personal information relating to your: biometrics; criminal record; genetics; health; membership of a political association; membership of a professional or trade association; membership of a trade union; philosophical beliefs; political opinions; racial or ethnic origin; religious beliefs or affiliations; or sexual orientation or practices.
What types of personal information do we collect and hold?
Depending upon how you interact with us, we may collect the following types of personal information from you:
- your name, gender and date of birth;
- your email address;
- your occupation, job title and place of business;
- the technology you use to access our services;
- your residential and postal address;
- telephone numbers;
- government related identifiers, such as ABN or tax file numbers (where required for invoicing);
- your bank account or financial details (processed by Stripe; we do not store full card numbers);
- business and brand information you provide as inputs to our Seize The Yes service, including business goals, target customers, brand preferences, content, marketing strategy, and any related materials.
You may refuse to provide personal information to us. However, if you exercise this right, it may affect our ability to deliver our services to you.
You may also deal with us anonymously or by using a pseudonym. However, if you do so, we may be prevented from providing you with accurate or useful information, and you may not be able to access our full range of services.
Why do we collect, hold, use and disclose personal information?
We may collect, hold and use your personal information to:
- provide information in relation to our services, including those we consider may be of interest to you in the future;
- deliver the Seize The Yes service, including generating brand assets and ongoing marketing support;
- administer and manage processes which are key to our operations, such as processing orders for our services;
- effect the collection of money that you owe to us and to support auditing, compliance and other corporate governance functions;
- create an online user profile for you to access our services;
- determine your eligibility for certain types of offers, goods or services that may be of interest to you;
- answer your queries, provide you with information you may have requested and generally conduct dealings with you; and
- comply with legislative or other legal requirements.
We may disclose your personal information to:
- companies or individuals that assist us to provide our services or administer our internal operations, including those listed in "Use of third-party software" below;
- third-party AI providers as described in "Use of third-party AI services" below;
- government authorities or other agencies where the disclosure is required or authorised by law;
- anyone else to whom you authorise us to disclose your personal information;
- prospective purchasers of all or substantially all of our business or assets, in the event of a merger, reorganisation or acquisition;
- external business advisors, such as auditors and lawyers, under confidentiality.
There are also a limited number of circumstances in which the Privacy Act permits the use or disclosure of your personal information without your consent — for example, where the use or disclosure is necessary to prevent a serious and imminent threat to any person's life, health or safety.
Use of third-party AI services
Seize The Yes uses third-party artificial intelligence services to deliver brand generation and marketing outputs. As at the date of this Policy, these include:
- Anthropic (Claude API) — anthropic.com/legal/privacy
- OpenAI (Whisper transcription for voice training) — openai.com/policies/privacy-policy
- PiAPI (consolidated image + video generation — Flux Dev for stills, Veo 3 Fast and Kling 2.6 for video) — piapi.ai/privacy
- ElevenLabs (voice synthesis from a per-Seizer cloned voice; voice recordings sent to ElevenLabs are biometric data — see "Biometric information — voice and avatar" below) — elevenlabs.io/privacy
- HeyGen (talking-head avatar video for off-camera Seizers; the avatar is generated from biometric reference media — see "Biometric information — voice and avatar" below; only used when the Seizer has explicitly enabled an avatar) — heygen.com/policy/privacy-policy
When you provide inputs to our service, those inputs may be transmitted to and processed by these AI providers, including on infrastructure located outside Australia (primarily in the United States, with some video providers also operating in China — see note on PiAPI video below).
We use these AI providers under their API terms of service. Where available, we use API tiers that prohibit the use of customer inputs to train provider models by default. The AI provider may retain inputs for a limited period to monitor for abuse, in accordance with their privacy policies.
Note on PiAPI video models: PiAPI is our consolidated media provider and is the only gateway we use for image and video generation. Some of the video models PiAPI exposes — including Kling 2.6, operated by Kuaishou Technology — run on infrastructure located in China and may be subject to Chinese law. Inputs you provide to a video-generation feature may therefore be processed and stored on Chinese infrastructure via PiAPI. If you do not wish your inputs to be processed by these models, please notify us at hello@seizetheyes.com and we will exclude your account from the affected video features where possible.
Biometric information — voice clone
Voice recordings used to clone your speaking voice via ElevenLabs are biometric information under the Australian Privacy Act 1988 and are treated as sensitive information under APP 3.
We will not store, clone or use a voice recording for AI generation until you have provided explicit, separately-recorded consent for that specific use. Consent is captured by ticking the dedicated consent box at the point of upload (onboarding step 18, or Settings → Voice) and the timestamp is recorded on your profile. Bundled acceptance of these Terms or this Privacy Policy alone is not sufficient consent for biometric voice processing.
You may withdraw your voice consent at any time:
- by using the revoke button at Settings → Voice; or
- by emailing hello@seizetheyes.com.
On revocation we will:
- delete the cloned voice from ElevenLabs;
- delete the raw voice samples stored in our Supabase storage; and
- clear the consent timestamp on your profile so no further voice generation can occur until you re-consent.
Voice content that has already been generated and published to your own social or marketing surfaces is not recalled — those copies live on the platforms you sent them to and are outside our control.
HeyGen avatar reference media (used to generate a talking-head digital twin) is also biometric information and is also treated as sensitive information under APP 3. Today an avatar is only created at your explicit request — usually by your Yesser during onboarding when you have chosen not to be on camera. A dedicated in-app consent capture for avatar reference media is being rolled out (#286); in the interim, contact hello@seizetheyes.com to record, change or withdraw consent for avatar processing, and we will action it manually and confirm by email.
Lead-data ownership
Where you (as a Seizer using the Seize The Yes service) capture leads through the funnels, quizzes, forms or websites we run on your behalf:
- You own the lead data. Every lead record (including name, email, quiz answers, conversion stage, contact history and any notes) is your data. Seize The Yes acts as data processor on your behalf in handling it.
- Export at any time, at no cost. On request — or automatically on cancellation of your subscription — we will export your complete lead dataset (CSV: leads, email_sends, bookings, plus a manifest) and email you a download link within 7 days. The link uses a private storage bucket and a signed URL with a 7-day expiry; if it expires before you download, email us for a fresh link.
- Deletion after export. Lead data is deleted from Seize The Yes systems 30 days after we confirm your export download (or 30 days after delivery if we receive no further request). If you need a longer retention window — for example to keep the data accessible while you migrate to another tool — let us know and we will hold it for a reasonable period.
- Nothing in this section limits your rights under the Privacy Act, the Australian Consumer Law, or equivalent data-protection regimes that may apply to your end users.
Use of third-party software
Our website and services use the following third-party services and technologies:
- Supabase (primary database, authentication and file storage) — supabase.com/privacy
- Stripe (payment processing) — stripe.com/privacy
- Xero (accounting and invoicing) — xero.com/au/legal/privacy
- Vercel (frontend hosting) — vercel.com/legal/privacy-policy
- Render (auxiliary worker hosting) — render.com/privacy
- Inngest (background job processing) — inngest.com/privacy
- Sentry (error monitoring and logging) — sentry.io/privacy
- PostHog (product analytics) — posthog.com/privacy
- Google Workspace (email and document hosting for hello@seizetheyes.com) — policies.google.com/privacy
- Resend (transactional email delivery) — resend.com/legal/privacy-policy
- MailerLite (marketing email delivery) — mailerlite.com/legal/privacy-policy
- Cal.com (meeting scheduling) — cal.com/privacy
- Loom (video recording and sharing) — loom.com/privacy
- Zapier (workflow automation) — zapier.com/privacy
- ClickUp (internal task and operations management) — clickup.com/terms/privacy-policy
- Discord (Seizer community access and role assignment) — discord.com/privacy
- Outstand (per-Seizer scheduled-publishing engine for social posts) — outstand.com/privacy
- Social Champ (Seizer-connected scheduled publishing) — socialchamp.io/privacy-policy
- Meta (Facebook and Instagram advertising and analytics, including the Meta Pixel; Meta Ads SDK is also used to pull campaign metrics for connected Seizer ad accounts) — facebook.com/privacy/policy
- Google Analytics 4 (where a Seizer connects her own GA4 property to pull campaign metrics) — policies.google.com/privacy
- Shopify (where an ecommerce Seizer connects her own store via OAuth to surface revenue + product metrics) — shopify.com/legal/privacy
- Klaviyo (where a Seizer brings her own Klaviyo account to power email + SMS via BYOK keys) — klaviyo.com/privacy
- Reddit (Reddit Ads pixel, when consented) — redditinc.com/policies/privacy-policy
- AI providers as listed in "Use of third-party AI services" above
Your personal information may be collected directly by these third-party providers when you interact with our website. You should review their privacy policies to ensure you are satisfied with how they handle your data. Except where stated otherwise in this Policy, those third parties' dealings in your personal information are not subject to our control, and we are not sponsored, affiliated, or associated with those providers.
Error logging
We use Sentry to monitor application errors. When errors occur, Sentry may capture technical details including the URL you were on, your browser type, and limited contextual data. We have configured Sentry to scrub sensitive fields (passwords, payment information) from error logs, but error reports may incidentally contain personal information such as your email address or user ID. Error logs are retained for a limited period for the purpose of debugging and improving the service.
Cookies and tracking
Our website uses cookies and similar technologies for site functionality, analytics, and (with your consent) advertising and remarketing. Non-essential cookies — including the Meta Pixel and analytics cookies — are blocked by default until you provide consent through our cookie banner.
You can change your cookie preferences at any time by clicking "Cookie preferences" in the footer. You can also manage cookies through your browser settings. Disabling cookies may affect site functionality.
Direct marketing
We may collect, store and use your personal information to market our services to you, where you have provided your implied or express consent. Consent may be implied when you have purchased services from us, subscribed to receive information from us, or enquired about services we provide.
We will not disclose your personal information to a third party for the purposes of marketing a third party's products or services to you, without your consent.
You may opt out of receiving marketing material at any time by contacting us directly using the details below, or using the unsubscribe method provided in any electronic marketing communication.
- To unsubscribe from email: click "Unsubscribe" in the footer of any marketing email.
- To unsubscribe from text messages: reply "STOP".
AI-assisted communications
By providing your phone number, you consent to receive communications from us via phone, SMS or WhatsApp, including those made using AI-assisted or automated technology. These communications will relate to your application and the services we offer.
Cross-border disclosure of personal information
Personal information submitted on this website will be stored in the cloud (that is, on internet-based infrastructure). To assist us to store and access your personal information, we may store it with, or allow it to be accessed by, overseas third parties who provide cloud infrastructure, AI processing, and software services.
These third parties are situated, and store content, offshore (primarily in jurisdictions including the United States, and which may include Canada, the United Kingdom, the European Union, China and other regions where our service providers operate). Your personal information may therefore be transmitted, disclosed, stored or accessed to and from overseas jurisdictions.
If you submit your personal information on this website, you consent to the transmission, disclosure, storage and access of your personal information by third parties in overseas jurisdictions. APP 8, which would ordinarily oblige us to take reasonable steps to ensure overseas recipients do not breach the Australian Privacy Principles (other than APP 1), will not apply to that disclosure.
If overseas recipients handle your personal information in a manner inconsistent with the APPs:
- to the maximum extent permitted by law, we will not be accountable under the Privacy Act for any resulting loss or damage you may suffer;
- to the maximum extent permitted by law, you will not be able to seek redress against us under the Privacy Act;
- the overseas recipient may not be subject to any privacy obligations or any principles similar to the APPs;
- you may not be able to seek redress against the overseas recipient in their jurisdiction; and
- the overseas recipient may be subject to foreign laws which compel disclosure of your personal information, including to overseas government authorities.
How do we hold and secure your personal information?
We take all reasonable steps to ensure the personal information we collect, use or disclose is accurate, up to date, complete and relevant. You should ensure any personal information you provide is both relevant and accurate.
We use usernames, passwords, access controls, and encryption in transit and at rest to protect personal information stored electronically. There are inherent risks in transmitting data over the internet. While we have reasonable security measures in place, we cannot guarantee that your personal information is completely secure.
We secure hard-copy personal information by restricting access to the buildings and storage facilities in which it is held.
Third-party API credentials (email tools, automation)
If you connect a third-party tool to your account — for example an email-marketing platform such as Outstand, ConvertKit, Mailchimp, Beehiiv, ActiveCampaign, Klaviyo or Substack; an automation webhook such as Zapier, Make or n8n; a scheduling service such as Social Champ; or a generation service such as Fal AI or Kling AI — some credentials necessary for that integration may be stored against your account.
How we handle these credentials:
- Where they are stored. API keys and webhook URLs for optional third-party tools (Zapier webhook, Fal, Kling, Social Champ) are stored in your browser's local storage on your own device, not on our servers, and are sent only when you initiate an action that calls that tool.
- Email-tool credentials stored on our servers. Where you ask us to send email on your behalf (for example, to power the Sequences feature), we store the credentials required to authenticate with your email tool against your account record. These credentials are encrypted at rest with AES-256-GCM application-layer encryption (in addition to the transport-level and database-disk encryption already in place), and the decryption key is stored only in our production environment configuration, not in the database alongside the encrypted values.
- What we use them for. We use these credentials only to perform the action you have requested (send an email, post to a channel, fire a webhook, generate an asset). We do not share them with anyone, and we do not use them to inspect your other data inside those third-party tools.
- How to remove them. You can disconnect any integration at any time from Settings → Integrations. Disconnection deletes the stored credential. Account deletion also removes any stored credentials.
- Liability. Third-party tools are governed by their own terms and privacy policies; we are not responsible for their practices, and you should review their policies before connecting them.
In the event of unauthorised access to or disclosure of your personal information, we will comply with our obligations under the Privacy Act, including any obligations relating to eligible data breaches under the Notifiable Data Breaches scheme.
Data retention
We retain personal information for as long as needed to provide our services and to meet legal and tax obligations (typically seven years for financial records, in line with ATO requirements). On request, we will delete information that is no longer required and that we are not legally obliged to retain.
How can you access and correct your personal information?
You may request access to or correction of the personal information we hold about you by contacting us in writing using the details below.
We will ordinarily grant access unless:
- giving access would have an unreasonable impact on the privacy of others;
- the request is frivolous or vexatious;
- we are unable to verify your identity;
- we are entitled to reject access under any law; or
- giving access would be unlawful.
We may charge a reasonable fee for providing access (but not for making the application or correcting information). We do not charge for correction requests.
Complaints
If you believe we have breached this Policy or the APPs, please contact us at hello@seizetheyes.com. We take complaints seriously and will respond within a reasonable period. If you are not satisfied with our response, you can make a complaint to the Office of the Australian Information Commissioner (oaic.gov.au).
Sub-Processor Schedule
This schedule lists the sub-processors we engage to process personal information on our behalf, the purpose of each engagement, the categories of personal information they may process, the region in which their processing occurs, and a link to each provider's data processing agreement (DPA) or equivalent privacy terms. We provide this schedule to support compliance with GDPR Article 28 and equivalent data-protection regimes, and to give Seizers and end users transparent visibility into the parties that may handle their data.
Our use of each sub-processor is governed by the provider's own terms and DPA. Where a sub-processor is connected by a Seizer under her own account (for example via OAuth or a "bring your own key" integration), that processing is additionally governed by the Seizer's direct relationship with the provider.
We review this schedule periodically and update it when we add, remove or change a sub-processor.
Platform sub-processors (we engage directly)
| Sub-Processor | Purpose | Data Categories | Region | DPA |
|---|---|---|---|---|
| Supabase, Inc. | Primary database, authentication, file storage | Account identifiers, profile data, brand inputs, Seizer-uploaded content, encrypted credentials | United States (primary), with Australian region for select buckets | supabase.com/privacy |
| Vercel, Inc. | Frontend application hosting and edge delivery | Request metadata, IP address, user agent | United States | vercel.com/legal/dpa |
| Render Services, Inc. | Auxiliary worker hosting (background jobs) | Job payloads (may include profile identifiers) | United States | render.com/privacy |
| Inngest, Inc. | Durable background job and event processing | Event payloads referencing user ids and operation context | United States | inngest.com/privacy |
| Anthropic, PBC | LLM inference (Claude) for agent outputs | Prompt contents (brand voice, business inputs, drafts) | United States | anthropic.com/legal/commercial-terms |
| OpenAI, L.L.C. | Audio transcription (Whisper) for voice training | Voice recordings uploaded by the Seizer | United States | openai.com/policies/business-terms |
| PiAPI | Consolidated image and video generation (Flux Dev stills, Veo 3 Fast and Kling video) | Generation prompts, reference images, generated assets | United States and China (Kling video models route through Chinese infrastructure) | piapi.ai/privacy |
| ElevenLabs Inc. | Voice synthesis for narrated content | Voice samples, generation scripts | United States | elevenlabs.io/dpa |
| HeyGen Inc. | Talking-head avatar video generation (opt-in per Seizer) | Avatar reference media, generation scripts | United States | heygen.com/policy/dpa |
| Stripe, Inc. | Payment processing and subscription billing | Cardholder data (Stripe-tokenised), billing email, billing address | United States | stripe.com/legal/dpa |
| Resend, Inc. | Transactional email delivery | Recipient email, message content, delivery metadata | United States | resend.com/legal/dpa |
| MailerLite Limited | Marketing email delivery | Subscriber email, name, engagement metadata | European Union | mailerlite.com/legal/data-processing-agreement |
| Sentry (Functional Software, Inc.) | Application error monitoring | Error stack traces, request URL, browser metadata; sensitive fields are scrubbed | United States | sentry.io/legal/dpa |
| PostHog Inc. | Product analytics | Hashed user id, event metadata, page views | United States | posthog.com/privacy |
| Cal.com, Inc. | Booking and scheduling | Attendee email, name, booking time | United States | cal.com/privacy |
| Loom, Inc. | Async video walkthroughs (where embedded) | Viewer playback metadata | United States | loom.com/dpa |
| Zapier, Inc. | Optional outbound workflow automation | Workflow payload data, where the Seizer configures a Zap | United States | zapier.com/legal/dpa |
| ClickUp (Mango Technologies, Inc.) | Internal task and operations management | Internal task content, may reference Seizer name + email | United States | clickup.com/terms/dpa |
| Discord, Inc. | Community access and role assignment | Discord user id, role assignments | United States | discord.com/privacy |
| Outstand | Per-Seizer scheduled-publishing engine for social posts | Post drafts, scheduled times, connected social-account identifiers | United States | outstand.com/privacy |
| Social Champ (Social Champ LLC) | Seizer-connected scheduled publishing | Post drafts, scheduled times, connected social-account identifiers | United States | socialchamp.io/privacy-policy |
| Meta Platforms, Inc. | Advertising pixel and Meta Ads SDK metrics for connected ad accounts | Pixel events (page views, leads, signups, purchases), ad-account metrics | United States and Ireland | facebook.com/legal/dpa |
| Google LLC | Workspace (email + docs), Google Analytics 4 metrics for connected GA4 properties | Email contents (hello@seizetheyes.com mailbox), GA4 traffic metrics, hashed identifiers | United States | business.safety.google/processorterms |
| Reddit, Inc. | Reddit Ads pixel (when the user consents to advertising cookies) | Pixel events (page views, leads, signups, purchases) | United States | redditinc.com/policies/data-processing-addendum |
| Xero Limited | Accounting and invoicing | Customer billing details, invoice line items | New Zealand (primary), Australia | xero.com/legal/dpa |
Seizer-controlled integrations (engaged by the Seizer, under her own account)
These integrations are connected by the Seizer through OAuth or by supplying her own API key ("BYOK"). The provider acts as the Seizer's own processor, not ours; we facilitate the connection and call the provider's API on her behalf for the operations she requests.
| Sub-Processor | Purpose | Data Categories | Region | DPA |
|---|---|---|---|---|
| Shopify Inc. | Pull ecommerce revenue and product metrics (Seizer OAuth) | Order summaries, product metadata, customer counts (no card data) | United States and Canada | shopify.com/legal/dpa |
| Klaviyo, Inc. | Email + SMS marketing via Seizer's own Klaviyo account (BYOK) | Subscriber lists, campaign metadata, send + open metrics | United States | klaviyo.com/legal/data-processing-agreement |
| Google LLC (GA4) | Pull traffic and conversion metrics from the Seizer's own GA4 property (Seizer OAuth) | Aggregate session and event metrics | United States | business.safety.google/processorterms |
| Meta Platforms, Inc. (Meta Ads SDK) | Pull ad-account performance from the Seizer's own Meta Business account (Seizer OAuth) | Ad campaign metrics, ad spend, audience metadata | United States and Ireland | facebook.com/legal/dpa |
Contact
Vielle Group Pty Ltd
ACN 692 339 781 / ABN 30 692 339 781
Trading as Seize The Yes
6 Masters St, Newstead QLD
hello@seizetheyes.com